-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS,
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 25 July 2003.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-22 is/are pending in the application.

4a) Of the above claim(s) ____ is/are withdrawn from consideration.

5) [ ] Claim(s) ____ is/are allowed.

6) [X] Claim(s) 1-7, 10-17 and 19-22 is/are rejected.

7) [X] Claim(s) 8, 9 and 18 is/are objected to.

8) [ ] Claim(s) ____ are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [X] The drawing(s) filed on 25 July 2003 is/are: a) [ ] accepted or b) [X] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [X] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. ____.

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s)

1) [X] Notice of References Cited (PTO-892)

2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) [ ] Information Disclosure Statement(s) (PTO/SB/08), Paper No(s)/Mail Date ____.

4) [ ] Interview Summary (PTO-413), Paper No(s)/Mail Date ____.

5) [ ] Notice of Informal Patent Application

6) [ ] Other: ____.

U.S. Patent and Trademark Office

PTOL-326 (Rev. 08-06) Office Action Summary Part of Paper No./Mail Date 20061224

DETAILED ACTION

1. Claims 1-22 are pending in the instant application and have been examined.

Drawings 

2. New corrected drawings in compliance with 37 CFR 1.121(d) are required in this
application because figures 1, 2, and 6 are entirely hand drawn (informal) and
noncompliant. Applicant is advised to employ the services of a competent patent 
draftsperson outside the Office, as the U.S. Patent and Trademark Office no longer 
prepares new drawings. The corrected drawings are required in reply to the Office 
action to avoid abandonment of the application. The requirement for corrected drawings 
will not be held in abeyance. 

Claim Rejections - 35 USC §112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claim 19 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. The claim recites a limitation directed towards the use of the 
open source Boost Library as the program code utilized in the comparison step. 
However, the applicant has not specified what source code is available in the Boost
Library for this purpose. 

Claim Rejections - 35 USC § 102

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section
122(b), by another filed in the United States before the invention by the applicant for 
patent or (2) a patent granted on an application for patent by another filed in the United 
States before the invention by the applicant for patent, except that an international 
application filed under the treaty defined in section 351(a) shall have the effects for 
purposes of this subsection of an application filed in the United States only if the 
international application designated the United States and was published under Article 
21(2) of such treaty in the English language. 



6. Claims 1-7, 10-17, and 20-22 are rejected under 35 U.S.C. 102(e) as being 
clearly anticipated by Gupta et al., US 20030004688 A1.



As for Claim 1, Gupta teaches a method for identifying network traffic [0002]
comprising: receiving pattern matching data [0043]; comparing the pattern matching
data with a pattern [0050], [0084]; and determining whether the pattern matching data
matches the pattern [0087].



As for claim 2, Gupta teaches a method for identifying network traffic as recited in
Claim 1, wherein the pattern matching data includes application data [0076], [0081],
[0083], [0095].

As for claim 3, Gupta teaches a method for identifying network traffic as recited in
Claim 1, in the event that the pattern matching data matches the pattern, further
including determining a property associated with the network traffic [0063], [0064].

As for claim 4, Gupta teaches a method for identifying network traffic as recited in
Claim 1, in the event that the pattern matching data matches the pattern, further
including determining a property associated with the network traffic; wherein the
property is an application protocol [0063], [0064].

As for claim 5, Gupta teaches a method for identifying network traffic as recited in
Claim 1, in the event that the data matches the pattern, further including determining a
property associated with the data and assigning a score for the property [0055], [0059].

As for claim 6, Gupta teaches a method for identifying network traffic as recited in
Claim 1, in the event that the data matches the pattern, further including determining a
property associated with the data; and applying a policy based on the property [0055],
[0059], [0061].

As for claim 7, Gupta teaches a method for identifying network traffic as recited in
Claim 1, further comprising assigning a score to a match if the pattern matching data
matches the pattern [0055].

As for claim 10, Gupta teaches a method for identifying network traffic as recited
in Claim 1, wherein the pattern matching data includes a string selected from a packet
[0084], [0085], [0086].

As for claim 11, Gupta teaches a method for identifying network traffic as recited in
Claim 1, wherein pattern matching data includes concatenated application data of a
plurality of packets [0068], [0104].

As for claim 12, Gupta teaches a method for identifying network traffic as recited in 
Claim 1, wherein the pattern includes a regular expression [0076], [0081], [0083], 
[0095]. 

As for claim 13, Gupta teaches a method for identifying network traffic as recited in 
Claim 1, wherein the pattern includes application protocol information [0063], [0064].

As for claim 14, Gupta teaches a method for identifying network traffic as recited in 
Claim 1, wherein the pattern includes commonly used port information [0076], [0107]. 

As for claim 15, Gupta teaches a method for identifying network traffic as recited in
Claim 1, in the event the data does not match the pattern, further comprising returning a
failure indicator [0104: Alert].

As for claim 16, Gupta teaches a method for identifying network traffic as recited in
Claim 1, wherein determining whether the pattern matching data matches the pattern
occurs at the beginning of session [0103: Packet is cached and analyzed upon receipt].

As for claim 17, Gupta teaches a method for identifying network traffic as recited in
Claim 1, wherein comparing the pattern matching data with a pattern is performed for
each received data [0103].

Claim 20 is directed towards a system that carries out the method steps of claim 1.
Claim 20 recites substantially the same limitations as claim 1 and therefore is rejected
on the same basis as that claim.

Claim 21 is directed towards a computer program embodied in a computer-readable
medium that causes a processor to undertake the method steps of claim 1.
Claim 21 recites substantially the same limitations as claim 1 and therefore is rejected
on the same basis as that claim.

Claim 22 is virtually identical to claim 1; Gupta teaches the additional limitation found
in claim 22 and not found in claim 1 of: wherein the pattern matching data includes
application data [0063], [0064].

Allowable Subject Matter

7. Claims 8, 9, and 18 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

8. The following is a statement of reasons for the indication of allowable subject 
matter: The closest prior art in the field, Gupta, does not teach the combination of 
features found in claims 8, 9, and 18, particularly including: 

As for claim 8, comparing the pattern matching data with a second pattern and 
assigning a second score to a second match if the pattern matching data matches a 
second pattern. Claim 9 is dependent on claim 8 and is therefore allowable on that 
basis. 

As for claim 18, comparing a second pattern matching data with a second 
pattern, wherein comparing the second pattern matching data occurs substantially 
concurrently with the comparing of pattern matching data with the pattern.

Conclusion

9. The prior art made of record and not relied upon is considered pertinent to
applicant's disclosure. The following US Patent documents teach systems of Network 
Intrusion Detection pertinent to the applicant's disclosure: 

Gleichauf et al. 6,499,107

Carter et al. US 20030051026 A1

Ricciulli US 20040174820

10. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Paul E. Callahan whose telephone number is
(571) 272-3869. The examiner can normally be reached on M-F from 9 to 5.

If attempts to reach the examiner by telephone are unsuccessful, the Examiner's
supervisor, Emmanuel Moise, can be reached on (571) 272-3865. The fax phone
number for the organization where this application or proceeding is assigned is:
(571) 273-8300.